Skills
skills/dkyazzentwatwa/chatgpt-skills/word-cloud-generator/Gen Agent Trust Hub

word-cloud-generator

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMDATA_EXFILTRATION
Full Analysis
  • [Data Exposure & Exfiltration] (MEDIUM): The skill provides methods WordCloudGenerator.from_file(), wc.shape(mask=...), and wc.font() that accept file paths without validation. An attacker could provide paths to sensitive files (e.g., ~/.ssh/id_rsa or .env) to have their contents processed and potentially leaked through the word cloud output or the get_frequencies() method.
  • [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest and process untrusted external data (text files) to generate summaries or visualizations.
  • Ingestion points: from_file and mask parameters in SKILL.md.
  • Boundary markers: None. The skill processes all file content as valid input data.
  • Capability inventory: File system read access, file system write access via save(), and data transformation.
  • Sanitization: No sanitization of input text or file paths is mentioned or implemented.
  • [Unverifiable Dependencies] (LOW): The skill relies on several external Python packages (wordcloud, matplotlib, Pillow, numpy). While these are standard and widely used libraries, they are listed without specific version pinning in some examples, though the requirements.txt provides minimum versions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 12:05 AM